昨天听取了<怀特迈恩>的建议后!
你NOP掉的代码根本没有必要去NOP,而且会导致程序严重出错,无法执行下去。应该NOP的是程序判断,然后跳转的语句。有时候不是NOP,而是修改JZ为JNZ等。
这句话让我很深刻!呵呵!回去就开始着手这些!!
; OllyDbg dump, x86-32, Intel syntax: <address> <opcode bytes> <instruction>.
; This is debugger output, not assemblable source; the comments below only
; describe what the visible instructions do. The '/', '|' and '\' glyphs are
; the debugger's jump bracket from 0043BB19 to 0043BBEA, not part of the code.
;
; Everything here runs inside the client binary. The conditional branch at
; 0043BB19 selects between the error-message path (0043BB1F..0043BBE8) and the
; path at 0043BBEA, so whatever condition it reflects is under the user's
; control; a decision like this has to be enforced again on the server side.
0043BB19 /0F8F CB000000 jg 0043BBEA                     ; signed compare; flags were set before this dump. Taken -> skip the error path
0043BB1F |8A4424 11 mov al, byte ptr [esp+11]           ; one byte from the frame, stored into the temp below
0043BB23 |83EC 10 sub esp, 10                           ; 16-byte temporary on the stack ...
0043BB26 |8BD4 mov edx, esp                             ; ... edx = &temp
0043BB28 |BF 70144B00 mov edi, 004B1470 ; 无法获取服务器信息,请检查您的用户名和密码是否正确.   ; (string: "Unable to get server information; check that your username and password are correct.")
0043BB2D |83C9 FF or ecx, FFFFFFFF                      ; ecx = -1: start of the repne scasb strlen idiom
0043BB30 |896424 2C mov dword ptr [esp+2C], esp         ; record esp (after the sub) in a frame slot
0043BB34 |8802 mov byte ptr [edx], al                   ; temp[0] = al
0043BB36 |33C0 xor eax, eax                             ; al = 0, the byte scasb searches for
0043BB38 |895A 04 mov dword ptr [edx+4], ebx            ; temp+4/+8/+C = ebx (ebx was set before this dump)
0043BB3B |895A 08 mov dword ptr [edx+8], ebx
0043BB3E |895A 0C mov dword ptr [edx+C], ebx
0043BB41 |F2:AE repne scas byte ptr es:[edi]            ; scan the message up to its NUL
0043BB43 |F7D1 not ecx
0043BB45 |49 dec ecx                                    ; ecx = strlen(message)
0043BB46 |51 push ecx                                   ; args: (ptr, len) ...
0043BB47 |68 70144B00 push 004B1470 ; 无法获取服务器信息,请检查您的用户名和密码是否正确.   ; ... same string as above
0043BB4C |8BCA mov ecx, edx                             ; ecx = &temp, i.e. thiscall 'this'
0043BB4E |E8 CD93FCFF call 00404F20                     ; presumably builds a string object in temp from (ptr, len) — callee not visible here
0043BB53 |8D4C24 28 lea ecx, dword ptr [esp+28]
0043BB57 |51 push ecx                                   ; push &local, then call
0043BB58 |E8 73BA0000 call 004475D0
0043BB5D |83C4 14 add esp, 14                           ; 0x14 = 0x10 temp + 4 pushed arg: the 16-byte temp was passed by value
0043BB60 |8B00 mov eax, dword ptr [eax]                 ; dereference the returned pointer
0043BB62 |C68424 78010000>mov byte ptr [esp+178], 41    ; byte at [esp+178] is rewritten with small constants here and at 0043BBB4 — looks like an MSVC EH state slot; verify
0043BB6A |3BC3 cmp eax, ebx
0043BB6C |74 02 je short 0043BB70                       ; if (eax != ebx) ebx = *eax
0043BB6E |8B18 mov ebx, dword ptr [eax]
0043BB70 |8B6C24 50 mov ebp, dword ptr [esp+50]         ; ebp = object pointer from the frame (same load as at 0043BBEA)
0043BB74 |53 push ebx
0043BB75 |8DB5 C0310000 lea esi, dword ptr [ebp+31C0]   ; esi = &obj->field_31C0, used as 'this' below
0043BB7B |E8 EEAAFEFF call 0042666E                     ; cdecl, one arg (ebx); result in eax
0043BB80 |83C4 04 add esp, 4
0043BB83 |8BF8 mov edi, eax                             ; edi = result of the call above
0043BB85 |8BCE mov ecx, esi
0043BB87 |6A 01 push 1
0043BB89 |57 push edi
0043BB8A |E8 C16BFCFF call 00402750                     ; thiscall on esi with (edi, 1); returns a byte flag in al
0043BB8F |84C0 test al, al
0043BB91 |74 1D je short 0043BBB0                       ; flag clear -> skip the copy
0043BB93 |8B46 04 mov eax, dword ptr [esi+4]            ; [esi+4] = buffer pointer
0043BB96 |57 push edi
0043BB97 |53 push ebx
0043BB98 |50 push eax
0043BB99 |E8 1289FCFF call 004044B0                     ; cdecl, 3 args ([esi+4], ebx, edi); presumably copies edi units from ebx into the buffer — callee not visible here
0043BB9E |8B56 04 mov edx, dword ptr [esi+4]
0043BBA1 |897E 08 mov dword ptr [esi+8], edi            ; [esi+8] = edi, the length
0043BBA4 |83C4 0C add esp, 0C
0043BBA7 |66:C7047A 0000 mov word ptr [edx+edi*2], 0    ; 16-bit NUL at index edi: the buffer holds 2-byte characters
0043BBAD |8D3C7A lea edi, dword ptr [edx+edi*2]         ; edi = &buffer[edi], end of the string
0043BBB0 |8B4424 18 mov eax, dword ptr [esp+18]         ; eax = object pointer from the frame; may be NULL
0043BBB4 |C68424 78010000>mov byte ptr [esp+178], 3     ; see the note at 0043BB62
0043BBBC |85C0 test eax, eax
0043BBBE |74 24 je short 0043BBE4                       ; NULL -> nothing to release
0043BBC0 |8BF0 mov esi, eax
0043BBC2 |83C0 08 add eax, 8                            ; &obj->field_8, handed to InterlockedDecrement: a reference count
0043BBC5 |50 push eax
0043BBC6 |FF15 90034900 call dword ptr [<&KERNEL32.Interlocke>; kernel32.InterlockedDecrement
0043BBCC |85C0 test eax, eax
0043BBCE |75 14 jnz short 0043BBE4                      ; count still > 0 -> keep the object
0043BBD0 |85F6 test esi, esi
0043BBD2 |74 10 je short 0043BBE4                       ; redundant with the test at 0043BBBC (esi == eax there)
0043BBD4 |8BCE mov ecx, esi
0043BBD6 |E8 259BFCFF call 00405700                     ; thiscall on the object, then a cdecl one-arg call with it: looks like destroy + free; verify
0043BBDB |56 push esi
0043BBDC |E8 793B0400 call 0047F75A
0043BBE1 |83C4 04 add esp, 4
0043BBE4 |33C0 xor eax, eax                             ; return value 0
0043BBE6 |33DB xor ebx, ebx
0043BBE8 |EB 08 jmp short 0043BBF2                      ; join the common exit, outside this dump
0043BBEA \8B6C24 50 mov ebp, dword ptr [esp+50]         ; jg target: begins with the same ebp load; the rest lies outside this dump
这次我把 0043BB19 处的 `/0F8F CB000000 jg 0043BBEA` 直接改成了 jmp。
哈哈!成功了!!
进去了!但高兴还早!!登录后,我发现里面少了创建列表那一块地方的信息!
于是我就开始修改直接大跳到连接成功的一块地方jmp....结果还是不行!!!!不知道为什么!!
再次请高手们指点我下!谢谢。